Hashcat explained: How this password cracker works

Posted on by

569355 0 71886800 1721368947 Access To Username And Password Authentication Login By Weedezign Gettyimages 909818270 2400x1600 100842356 Orig

Hashcat examples

Hashcat dictionary attack

Since humans tend to use really bad passwords, a dictionary attack is the first and obvious place to start. Therockyou.txt word listis a popular option. Containing more than 14 million passwords sorted by frequency of use, it begins with common passwords such as “123456”, “12345”, “123456789”, “password”, “iloveyou”, “princess”, “1234567”, and “rockyou”, all the way to less common passwords such as “xCvBnM”, “ie168”, “abygurl69”, “a6_123”, and “*7¡Vamos!”.

Many other free wordlists exist on the internet, especially targeted at specific languages. Hashcat lets you specify the wordlist of your choice.

Hashcat combinator attack

Humans often create passwords that are two words mushed together. Hashcat exploits this using a combinator attack that takes two-word lists (also known as “dictionaries”) and creates a new word list of every word combined with every other word.